1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Release Notes
    5. Prisma™ Cloud Release Information
    6. Features Introduced in 2023
    7. Features Introduced in February 2023

    Features Introduced in February 2023

    Learn what’s new on Prisma™ Cloud in February 2023.

    New Features

    FEATURE
    DESCRIPTION
    Enhancement
    Role Assignment Modification for SSO Sign-In
    If you have enabled access to users on Prisma Cloud using SSO with JIT provisioning, you can no longer modify their roles in the Prisma Cloud administrative console, unless they have previously been added to an SSO bypass list. The role management for these users needs to be completed from the Identity Provider (IdP) for the change to take effect.
    Users on the SSO bypass list can modify their roles and login directly to the Prisma Cloud console using credentials. However, once you opt to sign-in using SSO, your role will get reset to the IdP provisioned role.

    API Ingestions

    SERVICE
    API DETAILS
    Amazon ECR
    aws-ecr-registry
    Additional permissions required:
    • ecr:GetRegistryPolicy
    • ecr:DescribeRegistry
    • ecr:DescribePullThroughCacheRules
    You must manually add the permissions or update the CFT template to enable them.
    Amazon Chime
    aws-chime-voice-connector
    Additional permissions required:
    • chime:ListVoiceConnectors
    • chime:GetVoiceConnectorLoggingConfiguration
    The Security Audit role only includes the 
    chime:ListVoiceConnectors
    permission.
    You must manually add the permission or update the CFT template to enable 
    chime:GetVoiceConnectorLoggingConfiguration
    .
    Google Analytics Hub
    gcloud-analytics-hub-data-exchange-listing
    Additional permissions required:
    • analyticshub.dataExchanges.list
    • analyticshub.listings.list
    • analyticshub.dataExchanges.getIamPolicy
    The Viewer role includes the permissions.
    Google Compute Engine
    gcloud-compute-external-vpn-gateway
    Additional permission required:
    • compute.externalVpnGateways.list
    The Viewer role includes the permission.
    Google Dataproc Metastore
    gcloud-dataproc-metastore-federation
    Additional permissions required:
    • metastore.locations.list
    • metastore.federations.list
    • metastore.federations.getIamPolicy
    The Viewer role includes the permissions.

    New Policies

    NEW POLICIES
    DESCRIPTION
    DNS Rebinding Activity Anomaly Policy
    A new
    DNS rebinding activity
     anomaly policy is now available on the
    Policies
     page in Prisma Cloud. It detects when computing resources perform domain requests for rebinding domains by inspecting every DNS request performed by all monitored compute resources and looking for consecutive anomalous requests.
    By default, the alert disposition of the policy is set to conservative.
    Azure AKS cluster is not configured with disk encryption set
    Identifies AKS clusters that are not configured with disk encryption set. Azure Key Vault Provider for Secrets Store CSI Driver allows for the integration of an Azure key vault as a secrets store with an Azure Kubernetes Service (AKS) cluster via a CSI volume. It is recommended to enable secret store CSI driver for your Kubernetes clusters.
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-kubernetes-cluster' AND json.rule = properties.powerState.code equal ignore case Running and properties.addonProfiles.azureKeyvaultSecretsProvider.enabled is false
    Azure Service Fabric cluster not configured with cluster protection level security
    Identifies Service Fabric clusters that are not configured with cluster protection level security. Service Fabric provides levels of protection for node-to-node communication using a primary cluster certificate. It is recommended to set the protection level to ensure that all node-to-node messages are encrypted and digitally signed.
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-service-fabric-cluster' AND json.rule = properties.provisioningState equal ignore case Succeeded and ((properties.fabricSettings[*].name does not equal ignore case "Security" and properties.fabricSettings[*].parameters[*].name does not equal ignore case "ClusterProtectionLevel") or (properties.fabricSettings[?any(name equal ignore case "Security" and parameters[?any(name equal ignore case "ClusterProtectionLevel" and value equal ignore case "None")] exists )] exists))

    Policy Updates

    POLICY UPDATES
    DESCRIPTION
    Policy Updates-RQL
    AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0) other than HTTP/HTTPS port
    Changes—
     The policy name and description are updated.The policy RQL is updated to report instances configured with HTTP (80) and HTTP (443) ports, which are in active state only.
    Current Name—
     AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0) other than HTTP/HTTPS port
    Updated Name—
     AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0)
    Updated Description—
     Identifies AWS EC2 instances that are internet reachable with unrestricted access (0.0.0.0/0). EC2 instances with unrestricted access to the internet may enable bad actors to use brute force on a system to gain unauthorised access to the entire network. As a best practice, restrict traffic from unknown IP addresses and limit the access to known hosts, services, or specific entities.
    Current RQL—
    config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' )
    Updated RQL—
    config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.resource.state = 'Active'
    Impact—
     Medium. Existing alerts will be resolved as
    Policy_Updated
     for instances that are no longer active. New alerts are generated when the instance is connected to the internet and configured with an HTTP / HTTPS port.
    AWS Glue connection do not have SSL configured
    Changes—
     The policy RQL has been updated to exclude AWS Glue with connection type as Network from reporting because they cannot be configured for SSL.
    Current RQL—
    config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-glue-connection' AND json.rule = (connectionType equals KAFKA and connectionProperties.KAFKA_SSL_ENABLED is false) or (connectionType does not equal KAFKA and connectionProperties.JDBC_ENFORCE_SSL is false)
    Updated RQL—
    config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-glue-connection' AND json.rule = ((connectionType equals KAFKA and connectionProperties.KAFKA_SSL_ENABLED is false) or (connectionType does not equal KAFKA and connectionProperties.JDBC_ENFORCE_SSL is false)) and connectionType does not equal "NETWORK"
    Impact—
     Low. Existing alerts will be resolved as
    Policy_Updated
    .
    Azure Virtual Network subnet is not configured with a Network Security Group
    Changes—
     The policy RQL is updated to exclude the private endpoint and private link associated subnets.
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-subnet-list' AND json.rule = networkSecurityGroupId does not exist and name does not equal ignore case "GatewaySubnet" and name does not equal ignore case "AzureFirewallSubnet" and ['properties.delegations'][*].['properties.serviceName'] does not equal "Microsoft.Netapp/volumes" and ['properties.privateEndpointNetworkPolicies'] equals Enabled and ['properties.privateLinkServiceNetworkPolicies'] equals Enabled
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-subnet-list' AND json.rule = networkSecurityGroupId does not exist and name does not equal ignore case "GatewaySubnet" and name does not equal ignore case "RouteServerSubnet" and name does not equal ignore case "AzureFirewallSubnet" and ['properties.delegations'][*].['properties.serviceName'] does not equal "Microsoft.Netapp/volumes"
    Impact—
     Medium. Existing alerts will be resolved as
    Policy_Updated
     for which private endpoint is in disabled state. New alerts are generated for private endpoints in disabled state with no network security group.
    Policy Updates-Metadata
    GCP VPC Network subnets have Private Google access disabled
    Changes—
     The policy remediation CLI command description to define granular permissions required for running the remediation CLI command is updated.
    Updated Remediation CLI Description—
     This CLI command requires 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.setPrivateIpGoogleAccess' and 'compute.subnetworks.update' permissions. Successful execution will enable GCP VPC Network subnets 'Private Google access'.
    Impact—
     No impact on alerts.
    GCP Storage buckets are publicly accessible to all authenticated users
    Changes—
     The policy remediation CLI command description to define granular permissions required for running the remediation CLI command is updated.
    Updated Remediation CLI Description—
     This CLI command requires 'storage.buckets.getIamPolicy’ and 'storage.buckets.setIamPolicy' permissions. Successful execution will revoke 'allAuthenticatedUsers' permission access in GCP Storage buckets.
    Impact—
     No impact on alerts.
    GCP Storage log buckets have object versioning disabled
    Changes—
     The policy remediation CLI command description to define granular permissions required for running the remediation CLI command is updated.
    Updated Remediation CLI Description—
     This CLI command requires 'storage.buckets.update' permission. Successful execution will enable GCP Storage log buckets 'versioning'.
    Impact—
     No impact on alerts.
    GCP Storage buckets are publicly accessible to all users
    Changes—
     The policy remediation CLI command description to define granular permissions required for running the remediation CLI command is updated.
    Updated Remediation CLI Description—
     This CLI command requires 'storage.buckets.getIamPolicy' and 'storage.buckets.setIamPolicy' permissions. Successful execution will revoke 'allUsers' permission access in GCP Storage buckets.
    Impact—
     No impact on alerts.

    New Compliance Benchmarks and Updates

    COMPLIANCE BENCHMARK
    DESCRIPTION
    Update
    AWS Foundational Security Best Practices Standard
    The AWS Foundational Security Best Practices standard has been updated to map default policies to the relevant sections.
    Impact—
     No impact on alerts. The compliance report score will be impacted because of the new mapping.

    Changes in Existing Behavior

    FEATURE
    DESCRIPTION
    Google Cloud Task Update
    Prisma Cloud will no longer ingest
    gcloud-cloud-task
     API related resources because these are ephemeral. As a result, all
    gcloud-cloud-task
     resources will be deleted from your tenant.
    Impact—
     No impact on alerts.

    Deprecation Notices

    FEATURE
    DESCRIPTION
    Legacy IaC Scan on app.govcloud.io is End of Support
    Prisma Cloud no longer supports legacy IaC scanning on GovCloud. The IaC Scan plugins and the DevOps dashboard have been removed from the platform.

    New Features

    FEATURE
    DESCRIPTION
    Asset Class Filter
    An Asset Class is an an asset attribute that aligns with the generally intended application of a given asset type. The new
    Asset Class
     filter is available on the
    Asset Inventory
     and
    Alerts Overview
     pages and allows you to filter assets based on the following asset classes:
    • Code
    • Compute
    • Database
    • Identity and Security
    • Network
    • Other
    • Storage
      When you use this filter, the results on the Prisma Cloud console are narrowed to display the list of assets that match your criterion.
    Performance Improvements for Investigate RQL Queries
    The
    config
     and
    event
     query results on the
    Investigate
     page are optimized to load the initial set of results significantly faster. To enable faster load times, the backend automatically uses a heuristic search to retrieve search results for your query. When you enter the query and click
    Search
    , the interface loads the first 100 search results, and you can use the
    Load More
     button to fetch more results. The
    Get Total Count
     button enables you to get a full count of all pertinent results, and is available for eligible queries that include attributes that support the heuristic search only.
    All
    config
     attributes
    except
     cloud.accountgroup, azure.resource.group, limit search records, aggregate functions (count and group by), and all finding type attributes such as finding.type, finding.severity, are currently optimized for faster search results. For event queries, the attribute cloud type supports heuristic search.
    API Access Key Expiration Notifications
    Prisma Cloud allows you to create and manage API keys to facilitate programmatic access to our features and functionality. To ensure uninterrupted access to Prisma Cloud APIs, you can now set up the following Access Key Expiration Notifications:
    • Email notifications for named user Access Keys
    • Alarm Center notifications for Service Account Access Keys
    Navigate to
    Enterprise Settings
    Access Key Expiration Notifications
     to set a notification threshold prior to access key expiration.
    Updates to Access Key Expiration Notifications settings may take up to 24 hours to take effect.
    Support for AWS Tags on Prisma Cloud IAM
    Prisma Cloud IAM now supports AWS tags. Leverage tags to create RQL queries and dynamic custom policies, by using specific tags to group your cloud resources, roles, groups, policies, etc. when defining your alert rules.
    Send Audit Logs to External Integrations
    Forward audit logs from Prisma Cloud to an external integration that you have configured to integrate with your existing security workflows.
    • Select
      Settings
      Enterprise Settings
      .
    • Enable,
      Send Audit Logs to integration
      .
    • Select the AWS SQS or Webhooks notification channel to send the audit logs.
      All new audit logs that are generated after you enable the integration will be sent to this channel. You can view the audit logs on
      Settings
      Audit Logs
       on Prisma Cloud.
    Prisma Cloud does not forward
    Successful Login
     type audit log messages to external integrations to minimize noise and log flooding. However, all other audit log types can be forwarded to any supported external integration such as Webhook or SQS. For example, Prisma Cloud does not forward the following audit log message.
    'xxx@paloaltonetworks.com'(with role 'System Admin':'System Admin') logged in via password
    Support for Azure Permission Levels on Prisma Cloud IAM
    Prisma Cloud IAM now leverages Azure Permission levels for better visibility into your Azure identity permissions, providing you with a more granular view of granted permissions. In addition, you can use these new attributes to create custom policies to more closely monitor your cloud resources.
    Update
    IAM Query Attributes
    The new 
    CONTAINS ALL
    operator is now supported for the
    action.name
     attribute. With this operator, you can run queries with AND logic in between values. For example, if you want to get only roles that contain all actions: X, Y, and Z:
    config from iam where action.name CONTAINS ALL ( 'Microsoft.AgFoodPlatform/farmBeats/seasons/write', 'Microsoft.AgFoodPlatform/fields/delete' )
    Use this operator to more granularly query groups, roles, and policies.

    API Ingestions

    SERVICE
    API DETAILS
    Amazon CloudWatch
    aws-cloudwatch-insight-rule
    Additional permissions required:
    • cloudwatch:DescribeInsightRules
    • cloudwatch:ListTagsForResource
    The Security Audit role includes the permissions.
    Amazon Kinesis Video
    aws-kinesis-video-stream
    Additional permissions required:
    • kinesisvideo:ListTagsForStream
    • kinesisvideo:ListStreams
    • kinesisvideo:DescribeNotificationConfiguration
    You must add the permissions manually or use CFT template to update the permissions.
    Google Analytics Hub
    gcloud-analytics-hub-data-exchange
    Additional permission required:
    • analyticshub.dataExchanges.list
    The Viewer role includes the permission.
    Google Compute Engine
    gcloud-compute-vpn-gateway
    Additional permission required:
    • compute.vpnGateways.list
    The Viewer role includes the permission.
    Google Compute Engine
    gcloud-compute-target-vpn-gateway
    Additional permission required:
    • compute.targetVpnGateways.list
    The Viewer role includes the permission.
    OCI Certificate
    oci-certificate-certificates
    Additional permissions required:
    • inspect leaf-certificates
    • read leaf-certificates
    You must manually add these permissions.
    OCI Cloud Guard
    oci-cloudguard-security-zone
    Additional permissions required:
    • inspect security-zone
    • read security-zone
    You must manually add these permissions.
    OCI Cloud Guard
    oci-cloudguard-security-recipe
    Additional permissions required:
    • inspect security-recipe
    • read security-recipe
    You must manually add these permissions.
    OCI Data Safe
    oci-data-safe-private-endpoint
    Additional permissions required:
    • inspect data-safe-private-endpoints
    • read data-safe-private-endpoints
    You must manually add these permissions.
    OCI Data Safe
    oci-data-safe-target-database
    Additional permissions required:
    • inspect target-databases
    • read target-databases
    You must manually add these permissions.
    OCI IAM
    oci-iam-dynamic-group
    Additional permission required:
    • inspect dynamic-groups
    You must manually add the permission.
    OCI NoSQL Database
    oci-nosql-database-table
    Additional permissions required:
    • inspect nosql-tables
    • read nosql-tables
    You must manually add these permissions.
    OCI Scanning
    oci-scanning-host-scantarget
    Additional permissions required:
    • inspect host-scan-targets
    • read host-scan-targets
    You must manually add these permissions.
    OCI Scanning
    oci-scanning-host-scanrecipe
    Additional permissions required:
    • inspect host-scan-recipes
    • read host-scan-recipes
    You must manually add these permissions.
    OCI Vaults
    oci-vault-keyvault
    Additional permissions required:
    • inspect vaults
    • read vaults
    You must manually add these permissions.

    New Policies

    NEW POLICIES
    DESCRIPTION
    AWS SSM documents are public
    Identifies list of SSM documents that are public and might allow unintended access. A public SSM document can expose valuable information about your account, resources, and internal processes. It is recommended to only share SSM documents to only few private AWS accounts based on the requirement.
    config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ssm-document' AND json.rule = accountSharingInfoList[*].accountId equal ignore case "all"
    AWS CloudFront distributions does not have a default root object configured
    Identifies list of CloudFront distributions which does not have default root object configured. If a CloudFront distribution does not have a default root object configured, requests for the root of your distribution pass to your origin server which might return a list of the private contents of your origin. To avoid exposing the contents of your distribution or returning an error it is recommended to specify a default root object.
    config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-cloudfront-list-distributions' AND json.rule = defaultRootObject is empty
    Azure Storage account is not configured with private endpoint connection
    Identifies Storage accounts that are not configured with a private endpoint connection. Azure Storage account private endpoints can be configured using Azure Private Link. Private Link allows users to access an Azure Storage account from within the virtual network or from any peered virtual network. When Private Link is combined with restricted NSG policies, it helps reduce the risk of data exfiltration. It is recommended to configure Private Endpoint Connection to Storage account.
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-storage-account-list' AND json.rule = properties.provisioningState equals Succeeded and networkRuleSet.defaultAction equal ignore case Allow and networkRuleSet.virtualNetworkRules is empty and networkRuleSet.ipRules[*] is empty and properties.privateEndpointConnections[*] is empty
    Azure Microsoft Defender for Cloud set to Off for Resource Manager
    Identifies Azure Microsoft Defender for Cloud which has defender setting for Resource Manager (ARM) set to Off. Enabling Azure Defender for ARM provides protection against issues like Suspicious resource management operations, Use of exploitation toolkits, Lateral movement from the Azure management layer to the Azure resources data plane. It is highly recommended to enable Azure Defender for ARM.
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-security-center-settings' AND json.rule = pricings[?any(name equal ignore case Arm and properties.pricingTier does not equal ignore case Standard)] exists
    GCP SQL server instance database flag 3625 (trace flag) is not set to on
    Identifies GCP SQL server instance for which database flag 3625 (trace flag) is not set to on. Trace flag can help prevent the disclosure of sensitive information by masking the parameters of some error messages using '*', for users who are not members of the sysadmin fixed server role. It is recommended to set 3625 (trace flag) database flag for SQL Server instance to on.
    config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-sql-instances-list' AND json.rule = "databaseVersion contains SQLSERVER and state equals RUNNABLE and (settings.databaseFlags[*].name does not contain 3625 or settings.databaseFlags[?any(name contains 3625 and value contains off)] exists)"

    Policy Updates

    POLICY UPDATES
    DESCRIPTION
    Policy Updates-RQL
    Activity Log Retention should not be set to less than 365 days
    Changes—
     The policy name, description,and recommendations are updated according to the latest vendor UI settings.The policy RQL is updated to check log profile status so that disabled log profiles will be reported.
    Current Name—
     Activity Log Retention should not be set to less than 365 days
    Updated Name—
     Azure Activity Log retention should not be set to less than 365 days
    Updated Description—
     Identifies Log profiles which have log retention set to less than 365 days. Log profile controls how your Activity Log is exported and retained. Since the average time to detect a breach is over 200 days, it is recommended to retain your activity log for 365 days or more in order to have time to respond to any incidents.
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND cloud.service = 'Azure Monitor' AND api.name = 'azure-monitor-log-profiles-list' AND json.rule = 'isLegacy is true and (properties.retentionPolicy !exists or (properties.retentionPolicy.days != 0 and properties.retentionPolicy.days < 365))'
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-monitor-log-profiles-list' AND json.rule = isLegacy is true and (properties.retentionPolicy does not exist or properties.retentionPolicy.enabled is false or (properties.retentionPolicy.enabled is true and (properties.retentionPolicy.days does not equal 0 and properties.retentionPolicy.days < 365)))
    Impact—
     Low. New alerts will be generated for disabled log profiles.
    Policy Updates-Metadata
    AWS Certificate Manager (ACM) has invalid or failed certificate
    Changes—
     The policy description is updated.
    Updated Description—
     Identifies certificates in ACM which are either in Invalid or Failed state. If the ACM certificate is not validated within 72 hours, it becomes Invalid. An ACM certificate fails when,
    • the certificate is requested for invalid public domains
    • the certificate is requested for domains which are not allowed
    • missing contact information
    • typographical errors
    In such cases (Invalid or Failed certificate), you will have to request for a new certificate. It is strongly recommended to delete the certificates which are in failed or invalid state.
    Impact—
     No impact on alerts.
    AWS ECS/ Fargate task definition root user found
    Changes—
     The policy name and description are updated.
    Current Name—
     AWS ECS/ Fargate task definition root user found
    Updated Name—
     AWS ECS Fargate task definition root user found
    Updated Description—
     Identifies AWS ECS Fargate task definition which has user name as root. As a best practice, the user name to use inside the container should not be root. Note: This parameter is not supported for Windows containers.
    Impact—
     No impact on alerts.
    CloudTrail trail is not integrated with CloudWatch Log
    Changes—
     The policy name and description are updated.
    Current Name—
     CloudTrail trail is not integrated with CloudWatch Log
    Updated Name—
     AWS CloudTrail trail logs is not integrated with CloudWatch Log
    Updated Description—
     Identifies AWS CloudTrail which has trail logs that are not integrated with CloudWatch Log. Enabling the CloudTrail trail logs integrated with CloudWatch Logs will enable the real-time as well as historic activity logging. This will further improve monitoring and alarm capability.
    Impact—
     No impact on alerts.
    S3 buckets with configurations set to host websites
    Changes—
     The policy name and description are updated.
    Current Name—
     S3 buckets with configurations set to host websites
    Updated Name—
     AWS S3 buckets with configurations set to host websites
    Updated Description—
     Identifies AWS S3 buckets that are configured to host websites. To host a website on AWS S3 you should configure a bucket as a website. By frequently surveying these S3 buckets, you can ensure that only authorized buckets are enabled to host websites. Make sure to disable static website hosting for unauthorized S3 buckets.
    Impact—
     No impact on alerts.
    Azure Storage account container storing activity logs is publicly accessible
    Changes—
     The policy recommendation steps are updated to reflect CSP UI changes.
    Impact—
     No impact on alerts.
    Azure Container Registry does not use a dedicated resource group
    Changes—
     The policy description and recommendation steps are updated to according to the new URL linked provided by CSP.
    Impact—
     No impact on alerts.
    SQL Instances do not have SSL configured
    Changes—
     The policy name, description, and recommendation steps are updated.
    Current Name—
     SQL Instances do not have SSL configured
    Updated Name—
     GCP SQL Instances do not have valid SSL configuration
    Updated Description—
     Identifies GCP SQL instances that do not have valid SSL configuration with an unexpired SSL certificate. Cloud SQL supports connecting to an instance using the Secure Socket Layer (SSL) protocol. If Cloud SQL Auth proxy is not used for authentication, it is recommended to utilize SSL for connection to SQL Instance, ensuring the security for data in transit.
    Impact—
     No impact on alerts.
    SQL DB Instance backup Binary logs configuration is not enabled
    Changes—
     The policy name, description, and recommendation steps are updated.
    Current Name—
     SQL DB Instance backup Binary logs configuration is not enabled
    Updated Name—
     GCP SQL MySQL DB instance point-in-time recovery backup (Binary logs) is not enabled
    Updated Description—
     identifies Cloud SQL MySQL DB instances whose point-in-time recovery backup is not enabled. In case of an error, point-in-time recovery helps you recover an instance to a specific point in time. It is recommended to enable automated backups with point-in-time recovery to prevent any data loss in case of an unwanted scenario.
    Impact—
     No impact on alerts.

    Changes in Existing Behavior

    FEATURE
    DESCRIPTION
    Global Region Support for Google VPC Firewall Rule
    Prisma Cloud now provides global region support for
    gcloud-compute-firewall-rules-list
    . Due to this, all the resources will be deleted, and then regenerated on the management console.
    Existing alerts corresponding to this resource are resolved as Resource_Deleted, and new alerts will be generated against policy violations.
    Impact
    —You may notice a reduced count for the number of alerts. However, the alert count will return to the original numbers once the resources for
    gcloud-compute-firewall-rules-list
     start ingesting data again.
    Google VPC Network API Update
    Prisma Cloud now provides global region support, as well as a backend update to the resource ID for the
    gcloud-compute-networks-list API
    . As a result, all resources for this API will be deleted and then regenerated on the management console.
    Existing alerts corresponding to these resources will be resolved as Resource_Updated, and new alerts will be generated against policy violations if any.
    Impact
    —You may notice a reduced alert count. However, once the resources for
    gcloud-compute-networks-list
     resume ingesting data, the alert count will return to the original numbers.

    REST API Updates

    CHANGE
    DESCRIPTION
    Update
    Enterprise Settings API
    The
    response
     object for the GET /settings/enterprise endpoint now include the following additional properties:
    • auditLogSiemIntgrIds
    • auditLogsEnabled
    The
    request
     body and
    response
     object for the POST /settings/enterprise endpoint now include the following additional properties:
    • auditLogSiemIntgrIds
    • auditLogsEnabled

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo